<?php
class MY_SecuredController extends MY_Controller {
	
	var $isOwner = false;
	var $isAdmin = false;
	var $roles = array();
	var $currUserID;
	
	public function MY_SecuredController() {
		parent::MY_Controller();
		log_message('debug', "MY_SecuredController Parent Class Initialized ");

		$user = Current_User::user();
		
		if (!$user) {
			redirect(base_url());
		}
		
		$this->roles = Current_User::getRoles();
		$this->isAdmin = in_array('Admin', $this->roles);
		$this->isOwner = in_array('Owner', $this->roles);
		
		$this->currUserID = $user->id;
		
		$this->load->helper('language');
        $this->lang->load('navigation');
		
		log_message('debug', "MY_SecuredController Class Initialized ");
	}
	
	protected function _preRender($civlid) {
		$this->checkArgument($civlid);
        $this->checkAuth($civlid);
	}
	
	protected function checkArgument(&$arg, $redirUrl = 'logout') {
		if (!isset($arg)) {
			$this->redirect($redirUrl, 'No CIVL ID found in URL', true);
		}
	}
	
	protected function checkAuth($civlid) {
	   if (!$this->isOwner && !$this->isAdmin && $civlid != $this->currUserID) {
            $this->redirect('home/index/'.$this->currUserID,
              'You are not authorised to view/edit another profile. This incident will be reported.', true);
        }		
	}

	protected function getCurrentPersonID() {
		return Current_User::user();
	}

	protected function getCurrentPerson() {
		return Doctrine::getTable('PersonModel')->find(Current_User::user()->id);
	}
	
	protected function getCurrentPilot() {
		return Doctrine::getTable('PilotModel')->find(Current_User::user()->id);
	}
	
	protected function requireRole($roleName) {
		if (!in_array($roleName, Current_User::getRoles())) {
			$this->redirect('auth/denied', "You don't have enough permissions to access this option!", true);
		}
	}
	
    protected function _checkAdminClub(&$person) {
    	if ($this->isOwner)
    	   return true;
    	
        if ($this->isAdmin) {
            $clubs = $person->Pilot->Clubs;
            $isClubAdmin = false;
            
            foreach ($clubs as $c) {
                if ($c->isAdmin(Current_User::user()->id)) {
                    $isClubAdmin = true;
                    break;
                }
            }
            
            if (!$isClubAdmin) {
                $this->redirect('auth/denied', "You can't edit a person's profile if he/she doesn't belong to your club.", true);
                return false;
            }
        }
        
        return true;
    }

    protected function _preRenderAddNavigation() {
        $user = Current_User::user();
        
        if ($user == null) { // should never happen
        	throw new Exception("User is null in a secured area!");
        }
        
        $person = $this->getCurrentPerson();
        $pilot = $person->Pilot;

        $roles = Current_User::getRoles();
        log_message('debug', 'roles for current user: '.implode(',', $roles));
        
        $navdata['authenticated'] = $user != null;
        $navdata['user'] = $user != null? $user->name : null;
        $navdata['userid'] = $user != null? $user->id : null;
        //$navdata['person'] = $person;
        $navdata['roles'] = $roles;
        $navdata['isOwner'] =  in_array('Owner', $roles);
        $navdata['isAdmin'] =  in_array('Admin', $roles);
        
        $data['navigation'] = $this->load->view('menu/navigation', $navdata, TRUE);
        $data['userid'] = $user != null? $user->id : null;
        //$data['person'] = $person;
        //$data['pilot'] = $pilot;
        
        // accessibility stuff
        $data['isOwner'] =  in_array('Owner', $roles);
        $data['isAdmin'] =  in_array('Admin', $roles);
        
        $data['currentClass'] = get_class($this);
        
        return $data;
    }
}
?>